Cacti v1.2.8 Release Notes
Release Date: 2019-12-09 // over 4 years ago-
๐ Release of Cacti 1.2.8
๐ Thank you everyone who are using Cacti and especially those helping to make Cacti better!
For additional details check out the README located on GitHub.
IMPORTANT: This release addresses two CVE's that were reported. For more information see the changelog.
Contribute
๐ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
๐ Change Log
- ๐ security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
- ๐ security#3026: CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
- ๐ security#3066: When using HTTPS, secure cookie to prevent potential weakness
- issue#1228: Any tree or branch with a long name force main content off screen
- issue#2133: Long snmp_indexes are being cut off
- issue#2888: Long hostnames cause template filter to go off page
- โก๏ธ issue#2987: Changing Color Template does not update Aggregate
- issue#2989: Allow Remote Data Collectors to maintain their own path variables
- issue#2991: Cacti Statistics device template can generate unexpected errors
- issue#2995: When editing a report, column setting may be ignored incorrectly
- issue#2996: When editing a user, graph options do not properly reflect previously saved settings
- ๐ issue#2998: Session performance issues due to excessive use for database storage
- issue#2999: Blank arguments can lead to extra spaces in script arguments
- โ issue#3006: Boost generates undefined variables warning during poller run
- ๐ฒ issue#3011: i18n logging does not check write permission exists
- issue#3012: When viewing realtime graphs, some input variables are not properly checked
- issue#3013: Allow legends to be modified for Aggregate Graphs
- issue#3017: Automation network range with spaces fails validation
- issue#3019: User selected language is not always adhered to
- issue#3021: Tree view cuts off at the bottom of page on modern theme
- issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
- issue#3027: Aggregate Graph re-ordering does not work
- issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
- issue#3030: Pace continues to run even after a page is finished rendering
- issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
- ๐ issue#3035: When editing a tree, can not remove entries due to CSS bug
- issue#3037: When emptying poller output using cli, debug functions are not properly included
- ๐ฆ issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
- issue#3040: When running automation, discovery can still run even if cancelled
- issue#3041: When running automation, scans do not always respond to being cancelled
- issue#3042: When running automation, scan can fail when selecting remote pollers
- issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
- issue#3047: When saving settings, ignore remote pollers who have not checked in recently
- issue#3050: When viewing graph trees, some input variables are not properly checked
- ๐ issue#3052: When editing CDEF's, slow database performance can occur
- issue#3053: When viewing graph thumbnails, some input variables are not properly checked
- โฌ๏ธ issue#3055: During install/upgrade, database tests are not performed correctly
- issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
- โฌ๏ธ issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
- issue#3061: When running automation, allow SNMP to be used as a ping method
- issue#3068: When administrating users, some input variables are not properly checked
- ๐ฒ issue#3070: Improve database logging when a crashed table is encountered
- issue#3073: Automation network range does not always produce the correct start/end values
- โ issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly
- issue#3079: Allow domain names to be stripped from a device's long description
- โ issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized
- issue#3085: When editing a poller, ensure each listening IP is unique
- issue#3081: External Links are not showing a glyph when they appear on the Console menu
- issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs
- ๐ง issue#3099: Graph template 'Linux - Memory Usage' has the wrong unit on its vertical_label
- issue#3101: Polling times can be slightly inconsistent due
- ๐ issue#3104: When viewing graphs, a byref error can be seen in the error logs
- issue#3105: When viewing hosts, some input variables are not properly checked
- ๐ป issue#3111: When adding devices via command line, bad SNMP versions are not reported
- issue#3112: When zooming on Graphs, too many requests are being made causing slowness
- ๐ issue#3114: Support for USB devices that change name due to their hosts restarting
- issue#3118: When converting tables, the dynamic row format should be selected
- โฌ๏ธ issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded
- issue#3120: Correct issues causing incompatibility with PHP 7.4
- issue#3121: When converting tables during install, show what will be changed
- โฌ๏ธ issue#3123: Named colors table is not properly imported/upgraded
- issue#3124: When a second data collector is added, boost is not enabled automatically
- issue#3128: i18n handler checks for existence of wrong mo file
- issue#3129: Logout repeated occurs even when already logged out
- issue#3132: Installer fails to continue if automation range is array of networks
- ๐ feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing
*** Reporting Issues ***
http://www.cacti.net/issues.php
*** Download Cacti ***
http://www.cacti.net/download_cacti.php
*** Download Spine ***
http://www.cacti.net/spine_download.php
Thanks!
The Cacti Group